Qualys is expanding its security and compliance capabilities for Microsoft Azure, by adding protection for the on-premises Azure Stack and extending capabilities for public cloud deployments.

By using Qualys’ platform to defend hybrid IT environments, organizations get a unified view of their security posture, and can apply the same standards and processes on premises and in clouds.

“The advantages of doing so all within a single pane of glass is to reduce your total cost of ownership, and to have all the data in one place,” Hari Srinivasan, a Qualys Director of Product Management, said during a presentation at Microsoft’s Ignite 2018 conference.

That way, when a major attack like WannaCry is unleashed, organizations can quickly assess their risk and take action from a single console, instead of scrambling to assemble fragmented information from siloed tools.

Read on to learn more about Qualys’ comprehensive offerings for Azure.

With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, protecting these environments is critical for complying with the EU’s General Data Protection Regulation (GDPR).

GDPR, which went into effect in May, imposes strict requirements on millions of businesses worldwide that control and process the personal data of EU residents.

Public cloud platforms are being used to power digital transformation initiatives across many business functions where EU residents’ personal data is likely to be stored, processed and shared.

Thus, organizations need complete visibility into their public clouds, and they must have a solid security and compliance posture in these environments that includes vulnerability management, asset inventory, web app scanning, DevSecOps pipeline protection, and IT configuration controls.

As organizations increase their use of public cloud platforms, they encounter cloud-specific security and compliance threats, which can be challenging to address without the right tools and processes.

Organizations’ cloud security difficulties lie in two main areas: Lack of visibility into their cloud assets and resources, and a misunderstanding of cloud providers’ shared security responsibility model. As a result, there have been a multitude of easily preventable security mishaps in public cloud deployments due to leaky storage buckets, misconfigured security groups, and erroneous user policies.

These security breakdowns have caused data breaches and other compromises at organizations large and small, including Verizon, Viacom, the Republican National Committee, Tesla and the U.S. Department of Defense. The key to protect public cloud workloads lies in adopting a cloud-native way of supporting and securing your resources in a hybrid IT environment, so as to have full visibility and control.

“Rather than having bifurcated tooling or bifurcated processes or even bifurcated teams, organizations need a unified view of their resources and security posture across on-premises and cloud environments,” Hari Srinivasan, Director of Product Management at Qualys, said during a recent webcast.

Read on to learn about cloud security challenges, best practices, and how Qualys can help you secure any infrastructure, at any scale, on-premises and in cloud, via a unified interface, using uniform standards and processes.

With organizations aggressively moving workloads to public cloud platforms, such as Amazon’s AWS, Google Cloud, and Microsoft’s Azure, protecting these environments is critical for compliance with the EU’s General Data Protection Regulation (GDPR).

These public cloud platforms are being used to power digital transformation initiatives across a wide variety of business functions, including supply chain management, customer support, employee collaboration, sales and marketing.

In all of these business tasks that are being digitally transformed in the cloud, customer personal data regulated by GDPR is likely to be stored, processed and shared.

As cloud computing adoption accelerates among businesses, InfoSec teams are struggling to fully protect cloud workloads due to a lack of visibility into these environments, and to hackers’ increasingly effective attacks.

“We’re seeing more organizations moving to the cloud. They’re definitely moving quickly. And security teams aren’t wholly comfortable with the way cloud providers are giving us details about what’s going on in the environments,” report author Dave Shackleford, a SANS Institute analyst and instructor, said during a webcast to discuss the study findings.

It’s happening all over the business world. Organizations of all sizes and in all industries are aggressively deploying innovative products to new online consumer channels, digitizing their core services and transitioning core business workloads to public clouds as part of digital transformation efforts aimed at increasing business efficiency and effectiveness.

This trend represents both a challenge and an opportunity for InfoSec teams. The challenge: To ensure the security and compliance of these cloud instances, without interrupting their deployment. The opportunity: To become a partner to business units by facilitating the adoption of public cloud services and other digital transformation technologies.

The digital transformation opportunities ahead are immense, according to Qualys’ CISO. Digital transformation programs are yielding tangible business benefits, but fundamental security challenges remain, he said during the recent webcast “Securing Your Public Cloud Infrastructure.”

Specifically, InfoSec teams must gain visibility into these cloud workloads, so that they can monitor those assets, identify vulnerabilities and misconfigurations, and promptly remediate problems.Continue reading …

As organizations seek digital transformation benefits and aggressively move workloads to public cloud platforms, InfoSec teams must support their business units’ efforts by adapting and properly protecting these environments.

This may sound surprising to those who think that, when you use a public cloud service, the platform provider takes on all security and compliance tasks. Rather, these public cloud service providers operate on a “shared security responsibility” model, so the burden is split between you and them.

In other words, you get to define your controls inthe cloud to protect your data and infrastructure, while the cloud provider takes care of the security ofthe cloud.